Re: partially broken internet connection

To: debian-user mailing list <debian-user@lists.debian.org>
Subject: Re: partially broken internet connection
From: Steven <redalert.commander@gmail.com>
Date: Mon, 13 Dec 2010 22:35:20 +0100
Message-id: <[🔎] 1292276120.6571.7.camel@pc-steven.LAN>
In-reply-to: <[🔎] 1292270765.10411.10.camel@pc-steven.LAN>
References: <[🔎] 1292270765.10411.10.camel@pc-steven.LAN>

I'll answer myself a bit, but this leaves me puzzled even more.

On Mon, 2010-12-13 at 21:06 +0100, Steven wrote: 
> Hi list,
> 
> (Might be unrelated) Yesterday I configured some extra rules on my
> gateway box (Debian Etch) to slow down traffic from a particular part of
> the network. It started at that time.

It seems that this is in fact related to the issues I'm having.

After a reboot of the gateway box, the sites work again (haven't tested
them all, just 2), as soon as I enable a particular tc filter, things go
wrong, until I reboot the gateway again.

After reboot(also runs the firewall script):
debian:/home/steven# tc qdisc show
qdisc cbq 11: dev eth2 rate 100000Kbit (bounded,isolated) prio
no-transmit
qdisc pfifo_fast 0: dev eth3 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1
1 1 1
qdisc pfifo_fast 0: dev ppp0 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1
1 1 1
qdisc pfifo_fast 0: dev tun0 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1
1 1 1

After running the firewall script without rebooting:
debian:/home/steven# tc qdisc show
qdisc cbq 11: dev eth2 rate 100000Kbit (bounded,isolated) prio
no-transmit
qdisc pfifo_fast 0: dev eth3 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1
1 1 1
qdisc pfifo_fast 0: dev tun0 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1
1 1 1
qdisc cbq 10: dev ppp0 rate 100000Kbit (bounded,isolated) prio
no-transmit


The applied rules in question are the following:
# Download marking
tc qdisc add dev eth2:0 root handle 11: cbq bandwidth 100Mbit avpkt 1000
mpu 64
tc class add dev eth2:0 parent 11: classid 11:1 cbq rate 200Kbit weight
50Kbit allot 1514 prio 1 avpkt 1000 bounded
tc filter add dev eth2:0 parent 11: protocol ip handle 4 fw flowid 11:1

# Upload marking
tc qdisc add dev ppp0 root handle 10: cbq bandwidth 100Mbit avpkt 1000
mpu 64
tc class add dev ppp0 parent 10: classid 10:1 cbq rate 25KBit weight
4Kbit allot 1514 prio 1 avpkt 1000 bounded
tc filter add dev ppp0 parent 10: protocol ip handle 3 fw flowid 10:1

# Upload rules
iptables -t mangle -A FORWARD -s 192.168.5.0/24 -j MARK --set-mark 3

# Download rules
iptables -t mangle -A POSTROUTING -d 192.168.5.0/24 -j MARK --set-mark 4

The affected network however is on subnet 10.0.0./24 so these filters
wouldn't apply to it.


Kind regards,
Steven

Reply to:

References:
- partially broken internet connection
  - From: Steven <redalert.commander@gmail.com>

Prev by Date: Re: Setting a default network cups printer [somewhat OT]
Next by Date: Re: openssl chat
Previous by thread: partially broken internet connection
Next by thread: usb drive nolonger registers on one pc, still registers on another
Index(es):
- Date
- Thread